davidearl / webauthn

An implementation of webauthn in PHP on the server side (e.g. Yubico 2 and Google Titan keys)
https://webauthn.davidearl.uk
MIT License

Can register with phone fingerprint but no login with fingerprint. #9

Closed CloakformGit closed 5 years ago

CloakformGit commented 5 years ago

Hi, great work! Found a bug though: registering works, Chrome prompts for 3 types of hard keys and the fingerprint option. When I try to log in, the fingerprint option is missing... Tried to add internal to transport options but no effect. On webauthn.io it works very smoothly because it saves the device type, so you can immediately use fingerprint for login instead of having to select it first. Maybe a good addition? Try webauthn.io on mobile to see what I mean ;)

geraldkrug commented 5 years ago

http://g-d-k.com/authn/example/index.php

This is the way to use webauthn in production.

CloakformGit commented 5 years ago

> http://g-d-k.com/authn/example/index.php
>
> This is the way to use webauthn in production.

Hi, sorry but I don't think so. Your script doesn't work at all on my Samsung S7 or Chrome on Windows. No hardware key/fingerprint prompt at all.

The solution at webauthn.io is by far the best UX (they also remember the device, so when logging in you get the prompt for the key type you registered with). However, their code is in Go and Java.

Yes, David's solution might need some polishing (like storing the data in a database, but I understand the use of files is just for demo purposes) but comes a long way. @davidearl Hope you read this and can update the login (incl. saving the type of used hard/soft key) part ;)

geraldkrug commented 5 years ago

Thank you, I aim to not use fingerprint, gestures or eyes. Seems the webauthn challenge is the best part of this so a registration to login without email is the future. I connected webauthn to a pastebin and it's perfect ;)

http://g-d-k.com/php-pastebin-v3-master/index.php

geraldkrug commented 5 years ago

I added auto complete to the form

geraldkrug commented 5 years ago

And I found an Android app, "LoginPlus", that populates the focused web form.

geraldkrug commented 5 years ago

OK, image checking added to login form as an added challenge.

CloakformGit commented 5 years ago

Hi Gerald, I only submitted a bug to David... I personally don't like your solution(s) (not what we're looking for) and find it strange/kind of disrespectful that you keep "advertising" your scripts in someone else's script issue tracker. Nice to see that you're so passionate, but please post notifications on your own GitHub page :)

davidearl commented 5 years ago

I added some notes to the code about using with fingerprint, and a longer discussion in similar issue #6. Note that for Android Pie, there appears to need to be one change which doesn't conform to the spec, though I think it would be safe in practice. Closing this one now.